Files
Ubuntu Security Notice USN-1750-1
Posted Feb 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1750-1 - Brad Spengler discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1763
SHA-256 | 73e13acda7d9d77b7969d9503affe8ed8dc750ce6f661c289555fcad458576a7
Mandriva Linux Security Advisory 2013-015
Posted Feb 26, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-015 - Multiple vulnerabilities have been found and corrected in Apache. Various XSS flaws due to unescaped hostnames and URIs in the HTML output of mod_info, mod_status, mod_imagemap, mod_ldap, and mod_proxy_ftp. XSS in the mod_proxy_balancer manager interface. Additionally, ASF bug 53219 was resolved, which provides a way to mitigate the CRIME attack by disabling TLS-level compression. Use the new directive SSLCompression on|off to enable or disable TLS-level compression; by default SSLCompression is turned on. The updated packages have been upgraded to the latest 2.2.24 version, which is not vulnerable to these issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2012-3499, CVE-2012-4558
SHA-256 | 94833505f389d6e6209ac42e6b69342490887f9f5804bcc9728626e073cc31c9
Slackware Security Advisory - seamonkey Updates
Posted Feb 26, 2013
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New seamonkey packages are available for Slackware 13.37, 14.0, and -current to fix security issues.

tags | advisory
systems | linux, slackware
SHA-256 | 86d92b3b2f7a535d4a89c45c0eaa6ff4582c09480cde5f8f160d499eb9778223
Debian Security Advisory 2632-1
Posted Feb 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2632-1 - Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.

tags | advisory, denial of service, kernel, vulnerability
systems | linux, debian
advisories | CVE-2013-0231, CVE-2013-0871
SHA-256 | 54cf45d8989693da62afdd45038b3a32302b8109d2cab63de5e5015476212995
Ubuntu Security Notice USN-1749-1
Posted Feb 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1749-1 - Brad Spengler discovered a bounds checking error for netlink messages requesting SOCK_DIAG_BY_FAMILY. An unprivileged local user could exploit this flaw to crash the system or run programs as an administrator.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2013-1763
SHA-256 | 65bc984bc8f52390b39659cf092b4a628b4c705c08421d06c434a898eca785c6
War FTP Daemon 1.82 Denial Of Service
Posted Feb 26, 2013
Authored by Jarle Aase | Site warftp.org

War FTP Daemon version 1.82 suffers from a denial of service vulnerability in the way log messages are relayed from the internal log handler to the Windows Event log when the server is running as a Windows service.

tags | advisory, denial of service
systems | windows
SHA-256 | cdae585737ae9a5399b6284d3c2f475b31f3286086f62769ba975f53fa17a9ad
Ubuntu Security Notice USN-1748-1
Posted Feb 26, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1748-1 - Bobby Holley discovered vulnerabilities in Chrome Object Wrappers (COW) and System Only Wrappers (SOW). If a user were tricked into opening a specially crafted page and had scripting enabled, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Thunderbird. Frederik Braun discovered that Thunderbird made the location of the active browser profile available to JavaScript workers. Scripting for Thunderbird is disabled by default in Ubuntu. Various other issues were also addressed.

tags | advisory, remote, javascript, vulnerability
systems | linux, ubuntu
advisories | CVE-2013-0773, CVE-2013-0774, CVE-2013-0775, CVE-2013-0776, CVE-2013-0777, CVE-2013-0778, CVE-2013-0779, CVE-2013-0780, CVE-2013-0781, CVE-2013-0782, CVE-2013-0783, CVE-2013-0784
SHA-256 | 4295ba720441084e4395afdd80a04eadc905f04335128d2e3c50297585ec504e
Debian Security Advisory 2629-1
Posted Feb 26, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2629-1 - Multiple OpenJPEG issues have been addressed. Heap memory corruption leading to invalid free when processing certain Gray16 TIFF images. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow in JPEG2000 image parsing. Huzaifa Sidhpurwala of the Red Hat Security Response Team found a heap-based buffer overflow when decoding JPEG2000 images.

tags | advisory, overflow
systems | linux, redhat, debian
advisories | CVE-2009-5030, CVE-2012-3358, CVE-2012-3535
SHA-256 | f5a211f64f0275309bc3f98a01bf8d552052d9e43cec1d291991394d2ff0966e
Microsoft Windows OLE Automation Remote Code Execution
Posted Feb 26, 2013
Authored by Nicolas Joly, VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Windows. The vulnerability is caused by an integer overflow error in the "SysAllocStringLen()" function within the "Oleaut32.dll" (Object Linking and Embedding Automation) library, which could allow remote attackers to execute arbitrary code via a specially crafted web page or Office document.

tags | advisory, remote, web, overflow, arbitrary
systems | windows
SHA-256 | 8e67f8b3f49e0baf5c8cdedac5b1335d0cde5c5ed9ab9eb564c2802292ccb781
Apache Maven 3.0.4 Insecure SSL Mode
Posted Feb 25, 2013
Authored by Graham Leggett

Apache Maven version 3.0.4 (with Apache Maven Wagon version 2.1) has introduced a non-secure SSL mode by default. This mode disables all SSL certificate checking, including host name verification, date validity, and certificate chain validation. Not validating the certificate introduces the possibility of a man-in-the-middle attack.

tags | advisory
advisories | CVE-2013-0253
SHA-256 | 54b8a3c9c72b613700cbc8a0df15bda1fc8bf0236fd7a3b9243695817a44ea7f
Debian Security Advisory 2631-1
Posted Feb 25, 2013
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2631-1 - Squid3, a fully featured Web proxy cache, is prone to a denial of service attack due to memory consumption caused by memory leaks in cachemgr.cgi.

tags | advisory, web, denial of service, cgi, memory leak
systems | linux, debian
advisories | CVE-2012-5643, CVE-2013-0189
SHA-256 | 62ad006b2455956a38e0d73d9d4610a63b827cbb6ef605de9084d4d383314ac6
Mandriva Linux Security Advisory 2013-014
Posted Feb 25, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-014 - Multiple security issues were identified and fixed in OpenJDK. MBeanServer access restrictions were added, improved TLS handling of invalid messages, and more.

tags | advisory
systems | linux, mandriva
advisories | CVE-2013-0169, CVE-2013-1486, CVE-2013-1487
SHA-256 | 8ac40eb4b2ce07209ddf331559853b548ca985e61c74804dcf0ddfa8c2e80994
Ubuntu Security Notice USN-1746-1
Posted Feb 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1746-1 - Chris Wysopal discovered that Pidgin incorrectly handled file transfers in the MXit protocol handler. A remote attacker could use this issue to create or overwrite arbitrary files. This issue only affected Ubuntu 11.10, Ubuntu 12.04 LTS and Ubuntu 12.10. It was discovered that Pidgin incorrectly handled long HTTP headers in the MXit protocol handler. A malicious remote server could use this issue to execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, web, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2013-0271, CVE-2013-0272, CVE-2013-0273, CVE-2013-0274
SHA-256 | cab8da5f6e98651feb98f652311a38e0a1209f3942cdce9adda737ce25ba333d
Ubuntu Security Notice USN-1747-1
Posted Feb 25, 2013
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1747-1 - It was discovered that Transmission incorrectly handled certain micro transport protocol packets. A remote attacker could use this issue to cause a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary, protocol
systems | linux, ubuntu
advisories | CVE-2012-6129
SHA-256 | f1a5e333f4463410577bb016b2bae709778d942ed9697ed337f84b18fede5cea
Java SE 7 Update 15 Sandbox Bypass
Posted Feb 25, 2013
Authored by Adam Gowdiak | Site security-explorations.com

Security Explorations has discovered two new security issues in Java SE 7 Update 15.

tags | advisory, java
SHA-256 | 6e34dc4dfaf21577b6c54c34aa6c280cdca75c13e6e64bafe3d587b41b47e888
SAP SMD Agent Code Injection
Posted Feb 23, 2013
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - Abuse of the SAP SMD agent unauthenticated interface will allow a remote attacker to install an arbitrary application and achieve a full compromise of the SMD agent and the SAP instances installed on the server.

tags | advisory, remote, arbitrary
SHA-256 | 36b9779f3920be11724a516d2b460f2187a417205eb2607fd3dedbdb7e5e7b94
SAP CCMS Agent Code Injection
Posted Feb 23, 2013
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - The SAP CCMS agent is built as an RFC external server, exposing several RFC functions. One of these functions allows a remote unauthenticated user to execute arbitrary commands which are executed with SIDADM privileges (the highest possible in the SAP world).

tags | advisory, remote, arbitrary
SHA-256 | dd361885dbd5c02f12bfddbe6e1861c6ae6081f3fcfc5fdbadf9827a88d812e1
Oracle Enterprise Manager Resource Manager SQL Injection
Posted Feb 23, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/instance/rsrcpln in Oracle Enterprise Manager Resource Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0358
SHA-256 | 3e0451015ffc224ce11f7401a2782d3c1356e250ea3e9faa7ee1dcc8a739b25b
Oracle Enterprise Manager advReplicationAdmin Cross Site Scripting
Posted Feb 23, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - It appears that /em/console/database/dist/advRepl/advReplicationAdmin in Oracle Enterprise Manager suffers from multiple cross site scripting vulnerabilities. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, vulnerability, xss
advisories | CVE-2013-0355
SHA-256 | 2792aa7ae5419664ab0b71553d18effc0c29b4e0fc48bb1b6aed69cf14d1a326
SAP J2EE Core Service Arbitrary File Access
Posted Feb 22, 2013
Authored by Juan Pablo Perez Etchegoyen | Site onapsis.com

Onapsis Security Advisory - By exploiting an arbitrary file access vulnerability in the SAP J2EE Core Services, a remote unauthenticated attacker may be able to compromise the entire ERP system.

tags | advisory, remote, arbitrary
SHA-256 | da3f2ea2375b491dc09f2e39744d27613ea5e3233a1d79d58c43b34842597e24
SAP Enterprise Portal Cross Site Scripting
Posted Feb 22, 2013
Authored by Jordan Santarsieri | Site onapsis.com

Onapsis Security Advisory - As the server does not perform a proper security validation on the input parameters, it is possible to inject DHTML code that would be rendered to the user accessing the link in SAP Enterprise Portal.

tags | advisory
SHA-256 | 90263b999fd3713c409e968fef5750efe496d3c670dd404aa00e7175cccf16df
Oracle Enterprise Manager Segment Advisor URL Redirection
Posted Feb 22, 2013
Authored by Qinglin Jiang | Site appsecinc.com

Team SHATTER Security Advisory - The Oracle Enterprise Manager Database Control Segment Advisor page is vulnerable to an arbitrary URL redirection/phishing vulnerability. An attacker may inject an arbitrary URL into the web application and force the application to redirect to it without any validation. This vulnerability can be used in phishing attacks to trick legitimate users into visiting malicious sites without realizing it. The affected link and parameter are /em/console/database/xdb/XDBResource and cancelURL. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, web, arbitrary
advisories | CVE-2012-3219
SHA-256 | 3e1f7b8dd952616f02834e723183cf85039124c2b4eabdfbed4d636fa1c09fea
Ruby Parser 2.0.4 Insecure File Creation
Posted Feb 22, 2013
Authored by Michael Scherer

Ruby Parser version 2.0.4 insecurely creates files in /tmp that can allow for a denial of service condition.

tags | advisory, denial of service, ruby
advisories | CVE-2013-0162
SHA-256 | 094657d654b5045e05adb6d836d052776e6708bb9e26629a4ff9504e67047580
Oracle Enterprise Manager Streams Queue SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/database/dist/streams/queue in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0373
SHA-256 | e191ca74b3adea6783bc6eb3b8f33d2b663130f5a1a8d124b4e8d1b20dcac05d
Oracle Enterprise Manager SCPLBL_COLLECTED SQL Injection
Posted Feb 22, 2013
Authored by Esteban Martinez Fayo | Site appsecinc.com

Team SHATTER Security Advisory - Some parameters of /em/console/ecm/config/savedConfig in Oracle Enterprise Manager are vulnerable to SQL injection attacks. Versions affected include Oracle Enterprise Manager Database Control 11.1.0.7, 11.2.0.2, 11.2.0.3.

tags | advisory, sql injection
advisories | CVE-2013-0353
SHA-256 | 42308000e542a1d9278b369616e91a8854bbced5e3b206cdf115c4e4f9d06e57
© 2022 Packet Storm. All rights reserved.